GRC Guideline

CPG 235

Prudential Practice Guide CPG 235 - Managing Data Risk

The Prudential Practice Guide CPG 235 provides guidance for Australian financial institutions on how to effectively manage data risk. It focuses on identifying, assessing, and mitigating risks associated with data to ensure its integrity, availability, and confidentiality.

Overview

The Prudential Practice Guide CPG 235, published by the Australian Prudential Regulation Authority (APRA), aims to help regulated financial institutions develop robust strategies for managing risks tied to their data assets. The guide emphasizes the importance of data management frameworks, risk assessments, and operational controls in safeguarding data integrity, availability, and confidentiality. While not a prescriptive standard, it serves as an advisory guide to align data risk management practices with prudential standards and regulatory expectations. Key themes include governance, accountability, and embedding effective controls. Institutions are encouraged to consider their size, complexity, and risk profile when implementing recommendations from this guide.

Related in GRC

GRC Standard

ISO 14001 — ISO 14001:2026 - Environmental management systems

ISO 14001:2026 is the internationally recognized standard for environmental management systems (EMS). It offers a framework for organizations to improve environmental performance through methods including resource optimization, waste management, and stakeholder engagement.

International Organization for Standardization (ISO) • v2026

GRC Law

SOX — Sarbanes-Oxley Act of 2002

The Sarbanes-Oxley Act (SOX) is a U.S. federal law enacted in 2002 to enhance corporate accountability and financial transparency in response to major corporate scandals. It applies to publicly traded companies, mandating stricter financial reporting, internal controls, and governance standards.

US Government • United States

GRC Law

AML/CTF Act — Anti-Money Laundering and Counter-Terrorism Financing Act 2006

This is an Australian law established to prevent money laundering and financing of terrorism. It imposes obligations on certain entities to implement anti-money laundering and counter-terrorism financing measures, including customer due diligence, reporting, and record-keeping.

Australian Government • Australia • Compilation No. 60, 31 March 2026

GRC Law

AML/CTF Rules — Anti-Money Laundering and Counter-Terrorism Financing Rules 2025

The Anti-Money Laundering and Counter-Terrorism Financing Rules 2025 set out detailed obligations for reporting entities in Australia to prevent financial crimes, including money laundering and terrorism financing. Administered by the Department of Home Affairs, they support compliance with the Anti-Money Laundering and Counter-Terrorism Financing Act 2006.

Australian Government • Australia • Compilation No. 1, 31 March 2026

